Security / AI Security Research

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos

A Noma Security research post detailing a prompt-injection flaw in GitHub Agentic Workflows, with attack flow, proof-of-concept evidence, and security recommendations.

Clear27/30
Useful24/30
Specific18/20
Complete7/20
GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos screenshot

Why it was accepted

The page clearly documents an AI-agent security finding rather than a generic blog post: it explains the agentic workflow, the attack path, the leaked private-repo data, and includes proof-of-concept references plus mitigation guidance. That gives enough substance for a useful directory entry focused on AI security research.

Weakness

The page is a single research article, so it does not describe a product, API, or reusable tool. It also leaves some practical details open, such as the exact affected GitHub configuration scope and whether the issue has been fully patched in all environments.

Review status

9 days ago #1022 ↓ -1

Last evaluated 9 days ago. Current rank #1022. Down 1 spot in the rankings.

Score history

76

Related listings

Snyk Agent Scan screenshot

Security / Agent Security

Open-source security scanner for AI agents, MCP servers, and agent skills. It auto-discovers installed agent components and checks them for prompt injection, tool poisoning, secrets, malware payloads, and related risks.

Xalgorix screenshot
#19 Xalgorix
90

Security / Penetration Testing

Self-hosted AI security testing platform for authorized pentesting and bug bounty workflows, with a local web UI, live agent telemetry, verified findings, and branded PDF reports.

Bright Security Agent screenshot

Security / Application Security

GitHub Marketplace app from NeuraLegion that scans apps and APIs for vulnerabilities, proposes fixes, and validates remediations inside GitHub workflows.

Bulwark screenshot
#280 Bulwark
86

Security / Developer Security Tool

Kernel-level read gate for AI coding agents that blocks protected file reads before bytes reach the agent, with Linux fanotify and macOS Endpoint Security support.